package com.zhigh.project.security.test;

import com.zhigh.project.security.jcasbin.access.annotation.Model;
import com.zhigh.project.security.jcasbin.access.effect.EffectorType;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;


/**
 * ABAC (Attribute based access control)
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
@Model(
        requestDefs = {"r = sub, dom, obj, act"},
        policyDefs = {"p = attr_rule, role, dom, obj, act"},
        effectType = EffectorType.AFFIRMATIVE,
        roleDefs = {"g = _, _, _"},
        matchers = {
                "eval(p.attr_rule) && r.dom == p.dom && g(r.sub.id, p.role, p.dom) && r.obj == p.obj && r.act == p.act",
                "g(r.sub.id, 'admin', r.dom)"
        }
)
public @interface ABACModel {

}
